Category Archives: Network Monitoring and Analysis Education

Packet vs. Flow-based Network Analysis – the Markets Speak

With the introduction of flow-based metrics nearly a decade ago, the debate began between the use of flow-based metrics and deep packet inspection for network monitoring and analysis. Prior to the introduction, deep packet inspection was the go-to solution for both overall network monitoring and detailed network analysis. But as NetFlow data became more and more available from network devices, the market saw a definite shift towards flow-based data, especially for overall network monitoring.

And because NetFlow is so readily available, and so many IT organizations jumped on the NetFlow bandwagon, the use cases for NetFlow reporting expanded, with many organizations looking to NetFlow to be their only network monitoring and analysis solution.

But packet-based network monitoring and analysis solutions did not fade into the woodwork. Those who are ultimately responsible for troubleshooting complex network problems (you know who you are) never overestimated the capabilities of NetFlow and never underestimated those of deep packet inspection (DPI). Even though NetFlow-based solutions gained ground in the NOC, DPI solutions were not displaced. Over time the urge of IT management to make NetFlow solutions fit for every situation subsided, and both NetFlow and DPI solutions now coexist within the IT management infrastructure, each with its place. Flow-based solutions for monitoring; packet-based solutions for detailed analysis and troubleshooting.

And this week the markets validated what network engineers have known all along. DPI solutions are alive and well, and have a solid future within the portfolio of IT management solutions. How did the markets show this? With the announcement that JDSU plans to acquire Network Instruments for $200M. According to an online article on Enterprise Network Planet, Network Instruments’ revenue for the past 12 months was approximately $40M. So that means that Network Instruments sold for 5x its current annual revenue, a very strong showing indeed, which reflects very nicely on the overall strength of the packet-based network analysis market.

So let’s stop looking at flow-based vs. packet-based as a debate, or an either-or decision. They both have their place in the IT infrastructure, and both serve a very valuable, albeit different, function. When planning for overall network visibility, packet-based network analysis must be part of the solution.

How to Choose the Right Network Monitoring Solution

The global network monitoring tool market continues to grow. Now more than ever network managers need to be able to maintain complex networks around the clock, creating an increased need for network monitoring solutions.

Although the need for network monitoring is clear, once you actually start searching for the right solution, it’s easy to get overwhelmed. There are many options to choose from, and it’s important to find the one that fits your company’s unique needs. A good place to start is with the basics. Be sure to choose a network monitoring solution that offers these key features:

Clear reporting: A user-friendly network monitoring solution provides details about performance, bandwidth, traffic, and availability in multiple formats that are easy to review, understand, and analyze. Reports might take the form of graphs, charts, lists, or detailed written reports. IT should also be able to save and store reports, giving it an overview of the network and its issues over the long term to inform improvement and maintenance efforts.

Scalability: A robust solution will grow as the business expands and network traffic increases. As a company grows and adds more offices, machines, and devices, the demands on the network will increase as well. A good network monitoring solution is based on flexible appliances that can be upgraded as network demands increase (vs. rip and replace) with easy addition of software licenses as the management team grows.

Integration: A comprehensive network monitoring solution will unite all the different parts of the network under a single umbrella, enabling a holistic, real-time view of the network and clear communication between all parts and components. This ensures no critical information gets lost, and ensures continuity of access and optimal network performance even if there’s a problem in one area of the network.

Alerts: Alarms and alerts are critical functions of a network monitoring solution, as they let network managers know when there is an error or problem, such as an over-subscribed device, exceeded thresholds, bottlenecks, or other network issues. IT should be able to configure alarms to suit the department’s needs and preferred methods of notification.

Efficiency and productivity: The main goal of network monitoring is to streamline IT and network management, boosting productivity, avoiding problems, and saving time and money. By using a network monitoring solution, IT can waste less time putting out fires in multiple locations and monitoring various parts of the network separately. Instead, the entire network can be monitored at a glance by an individual engineer or network manager, even when the network extends to remote or mobile offices. This reduces the chance of errors and lost information, as well as reducing IT hours and dollars spent.

Simplicity and user friendliness: Above all, the right network monitoring solution is the one that is easiest to deploy, use, and understand. IT personnel should be able to learn and operate the tools with ease, and customize certain aspects to suit individual preferences and the needs of the business.

The perfect network monitoring solution both keeps the network in optimum working condition and simplifies oversight and management, making managing a complex network simpler and more efficient.

Looking for a solution that meets these criteria? Check out WildPackets’ complete solution at http://www.wildpackets.com/products/network_appliances.

The Challenges of Virtualization in Higher Speed Networks

The proliferation of virtualization coupled with the increase in 10G, 40G, and 100G networks has created blind spots in network and application monitoring. While virtualization has been widely adopted as a means of cutting costs and increasing efficiencies, allowing organizations to respond faster to changing business demands, the lack of network visibility increases the challenges in diagnosing and analyzing performance issues, both network and application.

Preventing performance issues and outages in such environments is critical to maintaining the pace of business, and as networks grow, monitoring and managing network performance becomes increasingly complex and expensive. Therefore, IT administrators must work to ensure their company’s networks can rapidly scale and deliver computing resources efficiently.

The issue is further highlighted by the results of our recent survey, The State of Faster Networks, which found that 43 percent of respondents reported limited or no network visibility as their biggest challenge in their transition to 10G+ networks. To combat these challenges, respondents stated they need more real-time statistics and faster forensic search times, two capabilities that become even more important in virtual environments.

Virtual servers remain a very tempting target for security breaches. An attacker only has to compromise one layer in order to gain access to many different layers. And with the introduction of blind spots in virtual systems, the potential for an organization to remain in the dark about security vulnerabilities is even higher.

So, what causes these virtual network blind spots? In traditional network analysis, physical LANs and physical Ethernet adapters connect directly to a physical appliance. However, in the case of virtualization, applications may be communicating with each other without ever accessing a physical network port. This traffic never leaves the virtual machine, and there is no practical way to monitor or manage this internal virtual network traffic.

Solutions for eliminating the blind spots vary, depending on the complexity of the virtual environment. For stand-alone virtual servers, a software probe that runs as one of the virtualized applications is often enough to capture and analyze the traffic across the entire virtual server, offering a cost-effective solution to eliminate blind spots within the server. For more complex systems consisting of multiple servers or blades across a virtual backbone, a dedicated network analysis appliance is the best solution for gaining visibility into the entire virtual system. If the system being used offers the capability to span virtual switch ports, enabling this feature will allow the network analysis appliance to directly connect to the virtual network traffic. If not, third-party virtual taps can be used to tap the virtual traffic and make it available to external network analysis appliances.

If you are working in a virtual environment and encounter problems capturing data, view our webcast, “The Blind Spot in Virtual Servers: Seeing with Network Analysis.” With the tips you’ll learn, you’ll be on your way to a more efficient and reliable network analysis solution in no time.